For 0.3.1: fix SEGV in notmuch search if author name ends in comma

For 0.3.1: fix SEGV in notmuch search if author name ends in comma

[Dirk Hohndel]

Another incredibly stupid bug in my code.
Rather obvious fix (I hope) coming up.

/D

[PATCH 1/2] Fix SEGV in _thread_cleanup_author if author ends with ', '

[Dirk Hohndel]

Admittedly, an author name ending in ',' guarantees this is spam, and
indeed this was triggered by a spam email, but that doesn't mean we
shouldn't handle this case correctly.
We now check that there is actually a component of the name (presumably
the first name) after the comma in the author name.

Signed-off-by: Dirk Hohndel <hohndel@infradead.org>
---
 lib/thread.cc |   11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/lib/thread.cc b/lib/thread.cc
index dc74ee3..13872d4 100644
--- a/lib/thread.cc
+++ b/lib/thread.cc
@@ -156,11 +156,19 @@ _thread_cleanup_author (notmuch_thread_t *thread,
     char *blank;
     int fname,lname;
 
+    if (author == NULL)
+	return NULL;
     clean_author = talloc_strdup(thread, author);
     if (clean_author == NULL)
 	return NULL;
+    /* check if there's a comma in the name and that there's a
+     * component of the name behind it (so the name doesn't end with
+     * the comma - in which case the string that strchr finds is just
+     * one character long ",\0").
+     * Otherwise just return the copy of the original author name that
+     * we just made*/
     comma = strchr(author,',');
-    if (comma) {
+    if (comma && strlen(comma) > 1) {
 	/* let's assemble what we think is the correct name */
 	lname = comma - author;
 	fname = strlen(author) - lname - 2;
@@ -180,7 +188,6 @@ _thread_cleanup_author (notmuch_thread_t *thread,
 	    /* we didn't identify this as part of the email address
 	    * so let's punt and return the original author */
 	    strcpy (clean_author, author);
-
     }
     return clean_author;
 }
-- 
1.6.6.1

[PATCH 2/2] Update NEWS to reflect the SEGV bugfix

[Dirk Hohndel]

Signed-off-by: Dirk Hohndel <hohndel@infradead.org>
---
 NEWS |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/NEWS b/NEWS
index ce0ea45..035e25e 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,12 @@ Notmuch 0.3.1 (2010-04-27)
 ==========================
 General bug fix
 ---------------
+Fix a potential SEGV in "notmuch search"
+
+  This bug could be triggered by an author name ending in a ','.
+  Admittedly - that's almost certainly a spam email. Still needs
+  to be handled correctly.
+
 Fix an infinite loop in "notmuch reply"
 
   This bug could be triggered by replying to a message where the
-- 
1.6.6.1

Re: [PATCH 1/2] Fix SEGV in _thread_cleanup_author if author ends with ', '

[Carl Worth]

[-- Attachment #1: Type: text/plain, Size: 485 bytes --]

On Tue, 27 Apr 2010 16:29:22 -0700, Dirk Hohndel <hohndel@infradead.org> wrote:
> Admittedly, an author name ending in ',' guarantees this is spam, and
> indeed this was triggered by a spam email, but that doesn't mean we
> shouldn't handle this case correctly.
> We now check that there is actually a component of the name (presumably
> the first name) after the comma in the author name.

Thanks. This is pushed out to the 0.3.x branch, and I'll merge it into
master shortly.

-Carl

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]